os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

First pass through next 1/3 of this article.

Browse source 
Sponsored by: iXsystems
This commit is contained in:
Dru Lavigne 2014-02-04 17:15:33 +00:00
parent f7aebf5b02
commit 2e7c5f8a7e
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=43765
1 changed files with 71 additions and 89 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

160
en_US.ISO8859-1/articles/linux-users/article.xml
View file

@ -48,7 +48,7 @@
</sect1>
<sect1 xml:id="shells">
<title>Shells: No Bash?</title>
<title>Default Shell</title>
<para>&linux; users are often surprised to find that
<application>Bash</application> is not the default shell in &os;.
@ -160,13 +160,13 @@
</sect1>
<sect1 xml:id="startup">
<title>System Startup: Where are the run-levels?</title>
<title>System Startup</title>
<para>&linux; uses the SysV init system, whereas &os; uses the
traditional BSD-style &man.init.8;. Under the BSD-style &man.init.8;
there are no run-levels and no <filename>/etc/inittab</filename>,
instead startup is controlled by the &man.rc.8; utility. The
<filename>/etc/rc</filename> script reads
<para>Many &linux; distributions use the SysV init system, whereas &os; uses the
traditional BSD-style &man.init.8;. Under the BSD-style &man.init.8;,
there are no run-levels and <filename>/etc/inittab</filename> does not exist.
Instead, startup is controlled by &man.rc.8; scripts. At system boot,
<filename>/etc/rc</filename> reads
<filename>/etc/defaults/rc.conf</filename> and
<filename>/etc/rc.conf</filename> to determine which services are to be
started. The specified services are then started by running the
@ -176,73 +176,63 @@
the scripts located in <filename>/etc/init.d/</filename> on &linux;
systems.</para>
<sidebar>
<para><emphasis>Why are there two locations for service initialization
scripts?</emphasis> The scripts found in
<para>The scripts found in
<filename>/etc/rc.d/</filename> are for applications that are part of
the <quote>base</quote> system. (&man.cron.8;, &man.sshd.8;,
&man.syslog.3;, and others.) The scripts in
the <quote>base</quote> system, such as &man.cron.8;, &man.sshd.8;, and
&man.syslog.3;. The scripts in
<filename>/usr/local/etc/rc.d/</filename> are for user-installed
applications such as <application>Apache</application>,
<application>Squid</application>, etc.</para>
applications such as <application>Apache</application> and
<application>Squid</application>.</para>
<para><emphasis>What is the difference between the <quote>base</quote>
system and user-installed applications?</emphasis> FreeBSD is
developed as a complete operating system. In other words, the
kernel, system libraries, and userland utilities (such as &man.ls.1;,
&man.cat.1;, &man.cp.1;, etc.) are developed and released together as
one. This is what is referred to as the <quote>base</quote> system.
The user-installed applications are applications that are not part of
the <quote>base</quote> system, such as
<application>Apache</application>, <application>X11</application>,
<application>Mozilla&nbsp;Firefox</application>, etc. These
user-installed applications are generally installed using &os;'s <link xlink:href="article.html#SOFTWARE">Packages and Ports&nbsp;Collection</link>.
<para>Since &os; is
developed as a complete operating system,
user-installed applications are not considered to be part of
the <quote>base</quote> system.
User-installed applications are generally installed using <link
xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/ports-using.html">Packages or Ports</link>.
In order to keep them separate from the <quote>base</quote> system,
user-installed applications are normally installed under
<filename>/usr/local/</filename>. Therefore the user-installed
user-installed applications are installed under
<filename>/usr/local/</filename>. Therefore, user-installed
binaries reside in <filename>/usr/local/bin/</filename>,
configuration files are in <filename>/usr/local/etc/</filename>,
and so on.</para>
</sidebar>
<para>Services are enabled by specifying
<literal>ServiceName_enable="YES"</literal> in
<filename>/etc/rc.conf</filename> (&man.rc.conf.5;). Take a look at
<filename>/etc/defaults/rc.conf</filename> for the system defaults,
<para>Services are enabled by adding an entry for the service in
<filename>/etc/rc.conf</filename> . The system defaults are found in
<filename>/etc/defaults/rc.conf</filename> and
these default settings are overridden by settings in
<filename>/etc/rc.conf</filename>. Also, when installing additional
applications be sure to review the documentation to determine how to
<filename>/etc/rc.conf</filename>. Refer to &man.rc.conf.5; for
more information about the available entries. When installing additional
applications, review the application's install message to determine how to
enable any associated services.</para>
<para>The following snippet from <filename>/etc/rc.conf</filename> enables
&man.sshd.8; and <application>Apache 2.2</application>. It also
specifies that <application>Apache</application> should be started
with SSL.</para>
<para>The following entries in <filename>/etc/rc.conf</filename> enable
&man.sshd.8;, enable <application>Apache 2.4</application>, and
specify that <application>Apache</application> should be started
with <acronym>SSL</acronym>.</para>
<programlisting># enable SSHD
sshd_enable="YES"
# enable Apache with SSL
apache22_enable="YES"
apache22_flags="-DSSL"</programlisting>
apache24_enable="YES"
apache24_flags="-DSSL"</programlisting>
<para>Once a service has been enabled in <filename>/etc/rc.conf</filename>,
the service can be started from the command line (without rebooting the
system):</para>
it can be started without rebooting the
system:</para>
<screen>&prompt.root; <userinput>/etc/rc.d/sshd start</userinput></screen>
<screen>&prompt.root; <userinput>service sshd start</userinput>
&prompt.root; <userinput>service apache24 start</userinput></screen>
<para>If a service has not been enabled it can be started from the
command line using <option>forcestart</option>:</para>
<para>If a service has not been enabled, it can be started from the
command line using <option>onestart</option>:</para>
<screen>&prompt.root; <userinput>/etc/rc.d/sshd forcestart</userinput></screen>
<screen>&prompt.root; <userinput>service sshd onestart</userinput></screen>
</sect1>
<sect1 xml:id="network">
<title>Network configuration</title>
<sect2 xml:id="interfaces">
<title>Network Interfaces</title>
<para>Instead of a generic <emphasis>ethX</emphasis> identifier that
&linux; uses to identify a network interface, &os; uses the driver
name followed by a number as the identifier. The following output
@ -262,75 +252,67 @@ em1: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:50:56:a7:03:2b
media: Ethernet autoselect (1000baseTX &lt;full-duplex&gt;)
status: active</screen>
</sect2>
<sect2 xml:id="ipaddress">
<title>IP Configuration</title>
<para>An IP address can be assigned to an interface using
&man.ifconfig.8;. However, to remain persistent across reboots the
IP configuration must be included in
<para>An <acronym>IP</acronym> address can be assigned to an interface using
&man.ifconfig.8;. To remain persistent across reboots, the
<acronym>IP</acronym> configuration must be included in
<filename>/etc/rc.conf</filename>. The following example
specifies the hostname, IP address, and default gateway:</para>
specifies the hostname, <acronym>IP</acronym> address, and default gateway:</para>
<programlisting>hostname="server1.example.com"
ifconfig_em0="inet 10.10.10.100 netmask 255.255.255.0"
ifconfig_em0="inet 10.10.10.100 netmask 255.255.255.0"
defaultrouter="10.10.10.1"</programlisting>
<para>Use the following to configure an interface for DHCP:</para>
<para>Use the following to instead configure an interface for <acronym>DHCP</acronym>:</para>
<programlisting>hostname="server1.example.com"
ifconfig_em0="DHCP"</programlisting>
</sect2>
</sect1>
<sect1 xml:id="firewall">
<title>Firewall</title>
<para>Like <application>IPTABLES</application> in &linux;, &os; also offers
a kernel level firewall; actually &os; offers three firewalls:</para>
<para>&os; does not use &linux; <application>IPTABLES</application> for its firewall. Instead, &os; offers
a choice of three kernel level firewalls:</para>
<itemizedlist>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html">IPFIREWALL</link></simpara></listitem>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html">IPFILTER</link></simpara></listitem>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html">PF</link></simpara></listitem>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html">IPFILTER</link></simpara></listitem>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html">IPFW</link></simpara></listitem>
</itemizedlist>
<para><application>IPFIREWALL</application> or
<application>IPFW</application> (the command to manage an
<application>IPFW</application> ruleset is &man.ipfw.8;) is the
firewall developed and maintained by the &os; developers.
<application>IPFW</application> can be paired with &man.dummynet.4; to
provide traffic shaping capabilities and simulate different types of
network connections.</para>
<para><application>PF</application> is
developed by the OpenBSD project and ported to &os;. <application>PF</application> was
created as a replacement for <application>IPFILTER</application> and
its syntax is similar to that of
<application>IPFILTER</application>. <application>PF</application> can
be paired with &man.altq.4; to provide <acronym>QoS</acronym> features.</para>
<para>Sample <application>IPFW</application> rule to allow
<application>SSH</application> in:</para>
<para>This sample <application>PF</application> entry allows inbound
<application>SSH</application>:</para>
<programlisting>ipfw add allow tcp from any to me 22 in via $ext_if</programlisting>
<programlisting>pass in on $ext_if inet proto tcp from any to ($ext_if) port 22</programlisting>
<para><application>IPFILTER</application> is the firewall application
developed by Darren&nbsp;Reed. It is not specific to &os;, and has been
<para><application>IPFILTER</application> is the firewall application
developed by Darren Reed. It is not specific to &os; and has been
ported to several operating systems including NetBSD, OpenBSD, SunOS,
HP/UX, and Solaris.</para>
<para>Sample <application>IPFILTER</application> command to allow
<application>SSH</application> in:</para>
<para>The <application>IPFILTER</application> syntax to allow inbound
<application>SSH</application> is:</para>
<programlisting>pass in on $ext_if proto tcp from any to any port = 22</programlisting>
<para><application>IPFW</application> is the
firewall developed and maintained by &os;.
It can be paired with &man.dummynet.4; to
provide traffic shaping capabilities and simulate different types of
network connections.</para>
<para>The last firewall application, <application>PF</application>, is
developed by the OpenBSD project. <application>PF</application> was
created as a replacement for <application>IPFILTER</application>. As
such, the <application>PF</application> syntax is very similar to that of
<application>IPFILTER</application>. <application>PF</application> can
be paired with &man.altq.4; to provide QoS features.</para>
<para>The <application>IPFW</application> syntax to allow inbound
<application>SSH</application> would be:</para>
<para>Sample <application>PF</application> command to allow
<application>SSH</application> in:</para>
<programlisting>pass in on $ext_if inet proto tcp from any to ($ext_if) port 22</programlisting>
<programlisting>ipfw add allow tcp from any to me 22 in via $ext_if</programlisting>
</sect1>
<sect1 xml:id="updates">